Research @ CISL

2019

  • UWB-ED: Distance Enlargement Attack Detection in Ultra-Wideband.
    Mridula Singh, Patrick Leu, AbdelRahman Abdou, Srdjan Capkun.
    USENIX Security Symposium (2019)

2018

  • Comparative Analysis of Control Plane Security of SDN and Conventional Networks.
    AbdelRahman Abdou, Paul C. van Oorschot, Tao Wan.
    IEEE Communications Surveys and Tutorials (Vol.20. Num.4. pp:3542-3559. 2018)
  • Server Location Verification (SLV) and Server Location Pinning: Augmenting TLS Authentication.
    AbdelRahman Abdou, Paul C. van Oorschot.
    ACM Trans. Priv. Secur. (Vol.21. Num.1. pp:1:1-1:26. 2018)
  • Secure Client and Server Geolocation over the Internet.
    AbdelRahman Abdou, Paul C. van Oorschot.
    ;login: (Vol.43. Num.1. pp:null. 2018)
  • TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer.
    Chen Chen, Daniele Enrico Asoni, Adrian Perrig, David Barrera, George Danezis, Carmela Troncoso.
    EuroS&P (2018)
  • Learning over subconcepts: Strategies for 1-class classification.
    Shiven Sharma, Anil Somayaji, Nathalie Japkowicz.
    Computational Intelligence (Vol.34. Num.2. pp:440-467. 2018)
  • Technological and Human Factors of Malware Attacks: A Computer Security Clinical Trial Approach.
    Fanny Lalonde Lévesque, Sonia Chiasson, Anil Somayaji, José M. Fernandez 0001.
    ACM Trans. Priv. Secur. (Vol.21. Num.4. pp:18:1-18:30. 2018)
  • After the BlockCLoud Apocalypse.
    Mark Burgess, Anil Somayaji.
    NSPW (2018)

2017

  • A survey on forensic event reconstruction systems.
    Abes Dabir, AbdelRahman Abdou, Ashraf Matrawy.
    IJICS (Vol.9. Num.4. pp:337-360. 2017)
  • CPV: Delay-Based Location Verification for the Internet.
    AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot.
    IEEE Trans. Dependable Sec. Comput. (Vol.14. Num.2. pp:130-144. 2017)
  • Location Verification of Wireless Internet Clients: Evaluation and Improvements.
    AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot.
    IEEE Trans. Emerging Topics Comput. (Vol.5. Num.4. pp:563-575. 2017)
  • Accurate Manipulation of Delay-based Internet Geolocation.
    AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot.
    AsiaCCS (2017)
  • The SCION internet architecture.
    David Barrera, Laurent Chuat, Adrian Perrig, Raphael M. Reischuk, Pawel Szalachowski.
    Commun. ACM (Vol.60. Num.6. pp:56-65. 2017)
  • Internet Kill Switches Demystified.
    Benjamin Rothenberger, Daniele Enrico Asoni, David Barrera, Adrian Perrig.
    EUROSEC (2017)
  • Can I believe you?: Establishing Trust in Computer Mediated Introductions.
    Borke Obada-Obieh, Anil Somayaji.
    NSPW (2017)

2016

  • Modeling Data-Plane Power Consumption of Future Internet Architectures.
    Chen Chen, David Barrera, Adrian Perrig.
    CIC (2016)
  • Source Accountability with Domain-brokered Privacy.
    Taeho Lee, Christos Pappas, David Barrera, Pawel Szalachowski, Adrian Perrig.
    CoNEXT (2016)
  • Picking a (Smart)Lock: Locking Relationships on Mobile Devices.
    Elizabeth Stobert, David Barrera.
    WAY@SOUPS (2016)

2015

  • Taxing the Queue: Hindering Middleboxes From Unauthorized Large-Scale Traffic Relaying.
    AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot.
    IEEE Communications Letters (Vol.19. Num.1. pp:42-45. 2015)
  • Accurate One-Way Delay Estimation With Reduced Client Trustworthiness.
    AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot.
    IEEE Communications Letters (Vol.19. Num.5. pp:735-738. 2015)
  • What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks.
    AbdelRahman Abdou, David Barrera, Paul C. van Oorschot.
    PASSWORDS (2015)
  • HORNET: High-speed Onion Routing at the Network Layer.
    Chen Chen, Daniele Enrico Asoni, David Barrera, George Danezis, Adrian Perrig.
    ACM Conference on Computer and Communications Security (2015)
  • On Building Onion Routing into Future Internet Architectures.
    Daniele Enrico Asoni, Chen Chen, David Barrera, Adrian Perrig.
    iNetSeC (2015)
  • Measuring the health of antivirus ecosystems.
    Fanny Lalonde Lévesque, Anil Somayaji, Dennis Batchelder, José M. Fernandez 0001.
    MALWARE (2015)

2014

  • Location verification on the Internet: Towards enforcing location-aware access policies over Internet clients.
    AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot.
    CNS (2014)
  • Baton: certificate agility for android's decentralized signing infrastructure.
    David Barrera, Daniel McCarney, Jeremy Clark, Paul C. van Oorschot.
    WISEC (2014)
  • Risk prediction of malware victimization based on user behavior.
    Fanny Lalonde Lévesque, José M. Fernandez 0001, Anil Somayaji.
    MALWARE (2014)

2013

  • A High-Temperature Fiber Sensor Using a Low Cost Interrogation Scheme.
    David Barrera, Salvador Sales.
    Sensors (Vol.13. Num.9. pp:11653-11659. 2013)
  • Deadbolt: locking down android disk encryption.
    Adam Skillen, David Barrera, Paul C. van Oorschot.
    SPSM@CCS (2013)
  • A clinical study of risk factors related to malware infections.
    Fanny Lalonde Lévesque, Jude Nsiempba, José M. Fernandez 0001, Sonia Chiasson, Anil Somayaji.
    ACM Conference on Computer and Communications Security (2013)
  • Towards narrative authentication: or, against boring authentication.
    Anil Somayaji, David Mould, Carson Brown.
    NSPW (2013)

2012

  • A network-based approach to the multi-activity combined timetabling and crew scheduling problem: Workforce scheduling for public health policy implementation.
    David Barrera, Nubia Velasco, Ciro-Alberto Amaya.
    Computers & Industrial Engineering (Vol.63. Num.4. pp:802-812. 2012)
  • Tapas: design, implementation, and usability evaluation of a password manager.
    Daniel McCarney, David Barrera, Jeremy Clark, Sonia Chiasson, Paul C. van Oorschot.
    ACSAC (2012)
  • ThinAV: truly lightweight mobile cloud-based anti-malware.
    Chris Jarabek, David Barrera, John Aycock.
    ACSAC (2012)
  • Understanding and improving app installation security mechanisms through empirical analysis of android.
    David Barrera, Jeremy Clark, Daniel McCarney, Paul C. van Oorschot.
    SPSM@CCS (2012)
  • Methodology for a Field Study of Anti-malware Software.
    Fanny Lalonde Lévesque, Carlton R. Davis, José M. Fernandez 0001, Sonia Chiasson, Anil Somayaji.
    Financial Cryptography Workshops (2012)
  • Software Diversity: Security, Entropy and Game Theory.
    Saran Neti, Anil Somayaji, Michael E. Locasto.
    HotSec (2012)

2011

  • Secure Software Installation on Smartphones.
    David Barrera, Paul C. van Oorschot.
    IEEE Security & Privacy (Vol.9. Num.3. pp:42-48. 2011)
  • Accommodating IPv6 Addresses in Security Visualization Tools.
    David Barrera, Paul C. van Oorschot.
    Information Visualization (Vol.10. Num.2. pp:107-116. 2011)
  • Back to the Future: Revisiting IPv6 Privacy Extensions.
    David Barrera, Glenn Wurster, Paul C. van Oorschot.
    ;login: (Vol.36. Num.1. pp:null. 2011)
  • Mercury: Recovering Forgotten Passwords Using Personal Devices.
    Mohammad Mannan, David Barrera, Carson D. Brown, David Lie, Paul C. van Oorschot.
    Financial Cryptography (2011)

2010 and Earlier

  • A methodology for empirical analysis of permission-based security models and its application to android.
    David Barrera, Hilmi Günes Kayacik, Paul C. van Oorschot, Anil Somayaji.
    ACM Conference on Computer and Communications Security (2010)
  • The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet.
    Joan Calvet, Carlton R. Davis, José M. Fernandez 0001, Jean-Yves Marion, Pier-Luc St-Onge, Wadie Guizani, Pierre-Marc Bureau, Anil Somayaji.
    ACSAC (2010)
  • Object-level recombination of commodity applications.
    Blair Foster, Anil Somayaji.
    GECCO (2010)
  • Visual Security Policy for the Web.
    Terri Oda, Anil Somayaji.
    HotSec (2010)
  • FiGD: An Open Source Intellectual Property Violation Detector.
    Carson D. Brown, David Barrera, Dwight Deugo.
    SEKE (2009)
  • Security visualization tools and IPv6 addresses.
    David Barrera, Paul C. van Oorschot.
    VizSEC (2009)
  • Analysis of the 1999 DARPA/Lincoln Laboratory IDS evaluation data with NetADHICT.
    Carson Brown, Alex Cowperthwaite, Abdulrahman Hijazi, Anil Somayaji.
    CISDA (2009)
  • Evaluating Security Products with Clinical Trials.
    Anil Somayaji, Yiru Li, Hajime Inoue, José M. Fernandez 0001, Richard Ford.
    CSET (2009)
  • Improving Security Visualization with Exposure Map Filtering.
    Mansour Alsaleh, David Barrera, Paul C. van Oorschot.
    ACSAC (2008)
  • The Evolution of System-Call Monitoring.
    Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji.
    ACSAC (2008)
  • SOMA: mutual approval for included content in web pages.
    Terri Oda, Glenn Wurster, Paul C. van Oorschot, Anil Somayaji.
    ACM Conference on Computer and Communications Security (2008)
  • Discovering Packet Structure through Lightweight Hierarchical Clustering.
    Abdulrahman Hijazi, Hajime Inoue, Ashraf Matrawy, Paul C. van Oorschot, Anil Somayaji.
    ICC (2008)
  • Learning DFA representations of HTTP for protecting web applications.
    Kenneth L. Ingham, Anil Somayaji, John Burge, Stephanie Forrest.
    Computer Networks (Vol.51. Num.5. pp:1239-1255. 2007)
  • Immunology, diversity, and homeostasis: The past and future of biologically inspired computer defenses.
    Anil Somayaji.
    Inf. Sec. Techn. Report (Vol.12. Num.4. pp:228-234. 2007)
  • A methodology for designing accurate anomaly detection systems.
    Kenneth L. Ingham, Anil Somayaji.
    LANC (2007)
  • NetADHICT: A Tool for Understanding Network Traffic.
    Hajime Inoue, Dana Jansens, Abdulrahman Hijazi, Anil Somayaji.
    LISA (2007)
  • The future of biologically-inspired security: is there anything left to learn?
    Anil Somayaji, Michael E. Locasto, Jan Feyereisl.
    NSPW (2007)
  • Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance.
    Paul C. van Oorschot, Anil Somayaji, Glenn Wurster.
    IEEE Trans. Dependable Sec. Comput. (Vol.2. Num.2. pp:82-92. 2005)
  • Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management.
    Ashraf Matrawy, Paul C. van Oorschot, Anil Somayaji.
    ACNS (2005)
  • Highlights from the 2005 New Security Paradigms Workshop.
    Simon N. Foley, Abe Singer, Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis, John P. McDermott, Julie Thorpe, Paul C. van Oorschot, Anil Somayaji, Richard Ford, Mark Bush, Alex Boulatov.
    ACSAC (2005)
  • Securing Email Archives through User Modeling.
    Yiru Li, Anil Somayaji.
    ACSAC (2005)
  • Towards Network Awareness.
    Evan Hughes, Anil Somayaji.
    LISA (2005)
  • Pass-thoughts: authenticating with our minds.
    Julie Thorpe, Paul C. van Oorschot, Anil Somayaji.
    NSPW (2005)
  • A Generic Attack on Checksumming-Based Software Tamper Resistance.
    Glenn Wurster, Paul C. van Oorschot, Anil Somayaji.
    IEEE Symposium on Security and Privacy (2005)
  • How to Win and Evolutionary Arms Race.
    Anil Somayaji.
    IEEE Security & Privacy (Vol.2. Num.6. pp:70-72. 2004)
  • Automated Response Using System-Call Delay.
    Anil Somayaji, Stephanie Forrest.
    USENIX Security Symposium (2000)
  • Intrusion Detection Using Sequences of System Calls.
    Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaji.
    Journal of Computer Security (Vol.6. Num.3. pp:151-180. 1998)
  • Computer Immunology.
    Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji.
    Commun. ACM (Vol.40. Num.10. pp:88-96. 1997)
  • Building Diverse Computer Systems.
    Stephanie Forrest, Anil Somayaji, David H. Ackley.
    Workshop on Hot Topics in Operating Systems (1997)
  • Principles of a computer immune system.
    Anil Somayaji, Steven A. Hofmeyr, Stephanie Forrest.
    NSPW (1997)
  • A Sense of Self for Unix Processes.
    Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, Thomas A. Longstaff.
    IEEE Symposium on Security and Privacy (1996)